Search

GPG

GNU Privacy Guard (GPG, also GnuPG) is free encryption software that is compliant with the OpenPGP (RFC4880) standard. Using GPG, it is possible to encrypt (and decrypt) files that contain sensitive data or sign / verify the documents.

GPG Trezor integration lets user sign emails, git commits, and software packages, manage passwords (with pass and gopass, among others), authenticate web tunnels or file transfers, and more. Instead of keeping your GPG keys on your computer and decrypting it with a passphrase when you want to use it, the key is generated and stored on the Trezor device and never reaches your computer. If the device is stolen or damaged, user can easily restore the keys using backup - Recovery seed - on the new device. To read more about common use cases of GPG, please visit this GitHub page.

NoteThis guide was tested on the following clean systems: Linux Mint 19, Ubuntu 18.04.1 LTS (Bionic Beaver). It works with Trezor One with 1.6.0 bootloader and 1.7.0 firmware or higher and with Trezor Model T.

7. Add the following line at the end of your .bashrc file which is located in your home directory

export GNUPGHOME=~/.gnupg/trezor

This GNUPGHOME contains your hardware keyring and agent settings. The agent software assumes all keys are backed by hardware devices, so you cannot use standard GPG keys in GNUPGHOME (if you do mix keys, you will receive an error when you attempt to use them).